Security experts have discovered several malicious Android apps lurking in third-party apps that are posing as cryptocurrency miners. Some of these apps were found posing as miners for unminable cryptocurrencies such as Ripple, Cardano, and Tether. However, in reality, these fake miners have no actual mining abilities. Instead, these apps are basically scams propagating adware.
According to Fortinet researchers, the newly discovered malicious apps are believed to have been “hiding under the radar” since May 2018. Once downloaded, these malicious apps display a fake miner that randomly generates the mining speed. Researchers discovered that no mining activity occurs via these malicious apps.
Although the fake apps go on to display other images that ask the user whether he/she wants to withdraw currencies, at no point is a user able to actually withdraw anything. Even in the event that a user chooses the option to withdraw digital coins, the fake apps are designed to inform the users that the wallet address provided is incorrect.
“As far as we know, the only business around those applications is for their author to display ads and collect revenue,” Fortinet researchers wrote in a blog. “So, basically, the idea is to fool the end-user in downloading an adware.”